2192 matches found

Tenable Nessus
added 2025/03/04 12:0 a.m. | 5 views

Linux Distros Unpatched Vulnerability : CVE-2017-1000383

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - GNU Emacs version 25.3.1 (and other versions most likely) ignores umask when creating a backup save file ORIGINALFILENAME resulting in files that may be world...

CVSS 5.5 | AI score 6.2 | EPSS 0.00142
Exploits 0 | References 3

Tenable Nessus
added 2025/03/04 12:0 a.m. | 6 views

Linux Distros Unpatched Vulnerability : CVE-2014-0135

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Kafo before 0.3.17 and 0.4.x before 0.5.2, as used by Foreman, uses world-readable permissions for defaultvalues.yaml, which allows local users to obtain...

CVSS 1.9 | AI score 6.3 | EPSS 0.00099
Exploits 0 | References 2

Veracode
added 2025/02/03 5:16 a.m. | 4 views

Unauthorized File Access

snowflake.data is vulnerable to Unauthorized File Access. The vulnerability is due to improper file handling: downloaded files are temporarily stored in a world-readable local directory, which allows unauthorized users on the same machine to access the files...

CVSS 5.5 | AI score 6.2 | EPSS 0.00148
Exploits 0 | References 4 | Affected Software 1

Veracode
added 2025/01/31 6:34 a.m. | 6 views

Denial Of Service (DoS)

@sentry/astro, @sentry/aws-serverless, @sentry/bun, @sentry/google-cloud-serverless, @sentry/nestjs, @sentry/nextjs, @sentry/node, @sentry/nuxt, @sentry/remix, @sentry/solidstart and @sentry/sveltekit are vulnerable to Denial of Service (DoS). The vulnerability is due to resource exhaustion due to...

AI score 7
Exploits 0

NVD
added 2025/01/30 5:15 a.m. | 10 views

CVE-2025-0374

When etcupdate encounters conflicts while merging files, it saves a version containing conflict markers in /var/db/etcupdate/conflicts. This version does not preserve the mode of the input file, and is world-readable. This applies to files that would normally have restricted visibility, such as...

CVSS 6.5 | EPSS 0.00106
Exploits 0 | References 2

NVD
added 2025/01/29 9:15 p.m. | 6 views

CVE-2025-24795

The Snowflake Connector for Python provides an interface for developing Python applications that can connect to Snowflake and perform all standard operations. Snowflake discovered and remediated a vulnerability in the Snowflake Connector for Python. On Linux systems, when temporary credential...

CVSS 5.5 | EPSS 0.00141
Exploits 0 | References 2

PyPA
added 2025/01/29 9:15 p.m. | 7 views

PYSEC-2025-28

The Snowflake Connector for Python provides an interface for developing Python applications that can connect to Snowflake and perform all standard operations. Snowflake discovered and remediated a vulnerability in the Snowflake Connector for Python. On Linux systems, when temporary credential...

CVSS 5.5 | AI score 7 | EPSS 0.00141
Exploits 0 | References 2 | Affected Software 1

Snyk
added 2025/01/29 8:50 p.m. | 2 views

Incorrect Default Permissions

Overview Affected versions of this package are vulnerable to Incorrect Default Permissions due to insufficient permission enforcement in DirectoryOperations.cs when writing temporary files downloaded from stages to the OS temporary directory. A user with access to that world-readable directory ca...

CVSS 5.5 | AI score 6.6 | EPSS 0.00148
Exploits 0 | References 2

OSV
added 2025/01/29 8:49 p.m. | 2 views

GHSA-R2X6-CJG7-8R43 snowflake-connector-python vulnerable to insecure cache files permissions

Issue Snowflake discovered and remediated a vulnerability in the Snowflake Connector for Python. On Linux systems, when temporary credential caching is enabled, the Snowflake Connector for Python will cache temporary credentials locally in a world-readable file. This vulnerability affects version...

CVSS 4.4 | AI score 5.9 | EPSS 0.00141
Exploits 0 | References 6

OSV
added 2025/01/29 8:30 p.m. | 4 views

CVE-2025-24795 The Snowflake Connector for Python uses insecure cache files permissions

The Snowflake Connector for Python provides an interface for developing Python applications that can connect to Snowflake and perform all standard operations. Snowflake discovered and remediated a vulnerability in the Snowflake Connector for Python. On Linux systems, when temporary credential...

CVSS 4.4 | AI score 6.6 | EPSS 0.00141
Exploits 0 | References 4

GitHub Security Blog
added 2025/01/29 6:42 p.m. | 20 views

Snowflake JDBC uses insecure temporary credential cache file permissions

Issue Snowflake discovered and remediated a vulnerability in the Snowflake JDBC Driver. On Linux systems, when temporary credential caching is enabled, the Snowflake JDBC Driver will cache temporary credentials locally in a world-readable file. This vulnerability affects versions 3.6.8 through...

CVSS 5.5 | AI score 4.8 | EPSS 0.00088
Exploits 0 | References 4 | Affected Software 1

CNNVD
added 2025/01/29 12:0 a.m. | 4 views

Snowflake snowflake-connector-net security vulnerability

Snowflake snowflake-connector-net is the Snowflake connector from Snowflake USA for . A security vulnerability exists in snowflake-connector-net versions prior to 4.3.0, which originates when files downloaded from the Stage are temporarily placed in a globally-readable local directory, allowing...

CVSS 5.5 | AI score 6.1 | EPSS 0.00148
Exploits 0 | References 2

Positive Technologies
added 2025/01/29 12:0 a.m. | 2 views

PT-2025-5576 · Snowflake · Snowflake Connector For Python

Name of the Vulnerable Software and Affected Versions: Snowflake Connector for Python versions 2.3.7 through 3.13.0 Description: The Snowflake Connector for Python stores temporary credentials locally in a world-readable file when temporary credential caching is enabled on Linux systems. This iss...

CVSS 4.4 | AI score 6.8 | EPSS 0.00141
Exploits 0 | References 12

Positive Technologies
added 2025/01/29 12:0 a.m. | 4 views

PT-2025-5569 · Snowflake · Snowflake-Connector-Net

Name of the Vulnerable Software and Affected Versions: snowflake-connector-net versions 2.0.12 through 4.2.0 Description: The issue arises when files downloaded from stages are temporarily placed in a world-readable local directory, making them accessible to unauthorized users on the same machine...

CVSS 5 | AI score 7.1 | EPSS 0.00148
Exploits 0 | References 9

CNNVD
added 2025/01/29 12:0 a.m. | 2 views

Snowflake Connector for Python security vulnerability

Snowflake Connector for Python is an open source interface from Snowflake Computing. It is used to develop Python applications that can connect to Snowflake and perform all standard operations. A security vulnerability exists in Snowflake Connector for Python versions prior to 3.13.1, which stems...

CVSS 5.5 | AI score 9.1 | EPSS 0.00141
Exploits 0 | References 2

Positive Technologies
added 2025/01/29 12:0 a.m. | 4 views

PT-2025-3859 · Etcupdate +1 · Etcupdate +1

Name of the Vulnerable Software and Affected Versions: etcupdate affected versions not specified Description: When etcupdate encounters conflicts while merging files, it saves a version containing conflict markers in /var/db/etcupdate/conflicts. This version does not preserve the mode of the inpu...

CVSS 6.5 | AI score 6.4 | EPSS 0.00106
Exploits 0 | References 8

FreeBSD
added 2025/01/29 12:0 a.m. | 7 views

FreeBSD -- Unprivileged access to system files

Problem Description: When etcupdate encounters conflicts while merging files, it saves a version containing conflict markers in /var/db/etcupdate/conflicts. This version does not preserve the mode of the input file, and is world-readable. This applies to files that would normally have restricted...

CVSS 6.5 | AI score 6.8 | EPSS 0.00106
Exploits 0

OSV
added 2025/01/26 3:15 p.m. | 2 views

CVE-2024-31906

IBM Automation Decision Services 23.0.2 allows web pages to be stored locally which can be read by another user on the system...

CVSS 6.2 | AI score 5.8 | EPSS 0.00016
Exploits 0 | References 1

Cvelist
added 2024/11/26 7:37 a.m. | 20 views

CVE-2024-28955

Affected devices create coredump files when crashed, storing them with world-readable permission. Any local user of the device can examine the coredump files, and research the memory contents. As for the details of affected product names, model numbers, and versions, refer to the information...

CVSS 5.9 | EPSS 0.00607
Exploits 2 | References 6

CVE
added 2024/11/26 7:37 a.m. | 68 views

CVE-2024-28955

CVE-2024-28955 affects Sharp/Toshiba TEC MFPs. The issue arises from incorrect permission assignment, causing crash coredump files to be world-readable; any local user can inspect memory contents. Public details cover affected models/versions through vendor notices and related advisories. Remedia...

CVSS 5.9 | AI score 6.7 | EPSS 0.00607
Exploits 2 | References 7